Lucene search
+L
BitdefenderBox Firmware

5 matches found

cve
cve
added 2025/03/12 11:48 a.m.98 views

CVE-2024-13871

CVE-2024-13871 affects Bitdefender Box 1 with firmware 1.3.11.490. The vulnerability is a command injection in the "/check_image_and_trigger_recovery" API endpoint that allows an unauthenticated, network-adjacent attacker to execute arbitrary commands, potentially enabling full remote code execut...

9.4CVSS8.7AI score0.0075EPSS
cve
cve
added 2025/03/12 11:47 a.m.83 views

CVE-2024-13872

Bitdefender Box is affected in versions 1.3.11.490–1.3.11.505. The issue arises from downloading assets over HTTP for updates via the /set_temp_token API, enabling an unauthenticated, network-adjacent attacker to perform MITM and return malicious assets. Restarted daemons using those assets can l...

9.4CVSS7.6AI score0.00227EPSS
cve
cve
added 2019/10/31 4:2 p.m.54 views

CVE-2019-12612

CVE-2019-12612 affects Bitdefender BOX firmware versions before 2.1.37.37-34. The issue allows an attacker to pass arbitrary code to the BOX appliance via the web API, requiring the attacker to be present on the Box setup network and for the BOX to be in setup mode. The connected records provide ...

7.8CVSS7.7AI score0.00327EPSS
cve
cve
added 2025/03/12 11:48 a.m.53 views

CVE-2024-13870

Bitdefender Box 1 devices with firmware 1.3.52.928 or earlier are affected by an improper access control vulnerability that permits an unauthenticated attacker in Wi‑Fi range to downgrade firmware to an older, potentially vulnerable Bitdefender‑signed version when the device is in Recovery Mode. ...

5.7CVSS6.6AI score0.00162EPSS
cve
cve
added 2019/10/17 6:55 p.m.48 views

CVE-2019-12611

Bitdefender BOX firmware pre-2.1.37.37-34 is affected. The vulnerability lies in the miniupnpd implementation where specially crafted packets trigger memory allocation that is not freed, potentially causing the miniupnpd component to crash or the device to reboot. Impact is described as availabil...

4.9CVSS4.7AI score0.00323EPSS